When subjects in a spear phishing study received a link to New Year's party pictures — and instructions not to share them — nearly half clicked through even though they didn't know the sender.
December 12, 2016
As long as humans sit at computer screens, there will be infected computers. There is just no end to people being duped into clicking links that download malware.
A report by The Register, a U.K. publication, described how test subjects, unaware that they were guinea pigs, fell for a phishing experiment:
There will always be a percentage of people who let curiosity prevail over common sense and logic. Never, ever clicking a link in an email is an impossible feat for them — perhaps more difficult than quitting smoking or losing 50 pounds.
This is the difficulty that businesses have with their employees, and it's how businesses get hacked and suffer massive data breaches.
The report also said that overly rigid training of employees can backfire: legitimate emails might then be ignored as well.
There must be a way to get around this, though — perhaps a phone call to the sender for verification if the company is small. Or, at a large business, perhaps executives could just resort to the old-fashioned method of reaching out to employees. How was this done before the World Wide Web was invented?
Digital signing of emails has been suggested, but this, too, has a drawback: Some employees might misinterpret signatures.
This doesn't mean that security training is all for naught. Research has proven that ongoing training with staged phishing emails makes a big difference.
Unfortunately, there will always be those people who just can’t say “no,” even to something as mundane as images from a New Year’s Eve party sent by someone they’ve never heard of.